Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 6 Jun 2015 10:54:02 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: poor man's fuzzer

Hi Kai,

On Sat, Jun 06, 2015 at 02:21:02PM +0800, Kai Zhao wrote:
> 44: open(TESTS, './john --list=format-tests --format=cpu |') || die;

Please upgrade to the newer version of fuzz.pl that I posted.  It has
'| shuf |' on this line, along with some changes elsewhere:

http://www.openwall.com/lists/john-dev/2015/06/05/16

> Why with "--format=cpu" ?

Because of this bug:

http://www.openwall.com/lists/john-dev/2015/06/05/4

as well as just to focus on CPU formats for now, leaving the OpenCL and
CUDA stuff for you to fuzz (you'll need to modify the script, perhaps to
read the format names and test vectors from a text file).

> command1: ./john --list=format-tests --format=cpu
> command2: ./john --list=format-tests
> 
> The output of command1 and command2 are the same.

Yes, which means that you built without OpenCL and CUDA support, like
you should have for now (for faster startup).  However, you'll need to
also make and fuzz a build with OpenCL and CUDA, actually focusing on
-opencl and -cuda formats, in a separate directory.  For -cuda, you'll
need to run this on a machine with at least an NVIDIA GPU.  For -opencl,
there's no such requirement, because OpenCL may also target CPU (but you
do need an OpenCL SDK installed).

I think that so far -opencl and -cuda formats have mostly escaped our
fuzzing, because we were excluding them for simplicity.  Yet they may
contain buggy valid() and such just like the CPU formats often do.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ